Thursday, November 1, 2012

How to configure HP LaserJet Printer IPsec Encryption

 

I always recommend using a static IP for network printers. Once you have that configured use the printers web interface by going to that IP address using internet explorer.

Select the” Networking” Tab > “IPsec/Firewall” as shown below:

clip_image002

First we will add a rule to allow unencrypted traffic from all connections we will later define IPsec rules specific to the print server. You can set encrypted for all but keep in mind if it fails you will have a harder time remotely repairing it.

Select “Add Rules” > “All IP Addresses” as shown below:

clip_image004

Select “All Services” >”Next” as shown below:

clip_image006

Select “Allow traffic…” >”Next” as shown below:

clip_image008

Select “Finish” >”Next” as shown below:

clip_image010

Select “OK” as shown below:

clip_image012

It should take you back to the ” Networking” Tab > “IPsec/Firewall” as shown below:

Note: “Enable IPsec/Firewall” is unchecked

clip_image014

Now we will add an Encrypted Rule:

Select “Add Rules” > “New” as shown below:

clip_image016

Name the Rule, Specify the local and remote IP Addresses or Ranges and Select “OK” as shown below:

clip_image017

Select your new Custom Address Template > “Next” as shown below:

clip_image019

Select “All Services” >”Next” as shown below:

clip_image020

Select “Require traffic…” >”Next” as shown below:

clip_image021

Select “New” as shown below:

clip_image022

Name the Template, Specify the encryption type > “Next”

clip_image023

Review any alerts and click “OK”

clip_image024

Specify the Authentication Method in this case I am using a pre-shared key> “Next” as shown below:

clip_image025

Select your new Custom IPsec Template > “Next” as shown below:

clip_image026

Select “Finish” >”Next” as shown below:

clip_image028

Select “OK” as shown below:

clip_image029

It should take you back to the ” Networking” Tab > “IPsec/Firewall” you now need to put your Rules in order by changing the number in the “Rule” field keeping the higher security rules first and select “Apply” as shown below:

Note: “Enable IPsec/Firewall” is still unchecked

clip_image031

Warning: You break it your bought it. If it goes south you will have to factory reset your printer to gain access again.

To enable the rule select “Enable IPsec/Firewall” and select “Apply” as shown below:

Note: You will be prompted with a warning and an option to enable the failsafe.

clip_image033

Setting up PC IPsec policy to communicate to the HP printer (rough draft)

Edit IP Security Policies on Local Computer and create a new IP Filter:

clip_image034

clip_image036

clip_image037

Source: MY IP Address

clip_image038

Protocol: ANY

Authentication Method:

clip_image040

Filter Actions:

clip_image042

clip_image043

You can view the policy to confirm communications are working by:

pinging the printer IP after both are enabled

access the printer console with the printer IP in your webbrowser

and using the IP Security Monitor to View Main or Quick Security Associations

Note: if you did not select “All Services” above on the HP printer policy you will have intermittent communications issues. I would recommend all or nothing…

1 comment: